Criminals Target CMS Systems to Deploy Malicious Monero Mining Tools

Cybercriminals all over the world have taken a liking to Bitcoin over the past few years. Up to this point, it remains unclear as to why that is, considering Bitcoin has no privacy or anonymity features whatsoever. However, it seems the tide is slowly turning and Monero is quickly becoming the new go-to cryptocurrency in this regard. Especially when it comes to mining Monero, criminals are coming up with increasingly crafty solutions.

Malicious Cryptocurrency Mining Efforts Intensify

Given the recent surge in Monero mining-related scripts on websites, it is not entirely surprising to see criminals take a keen interest in this new “industry”. More specifically, they are trying to come up with new ways to mine Monero using other people’s computing resources. Embedding a mining script on webpages has proven to be quite successful in this regard, and it looks as if we will see even more efforts like these in the near future.

A new report by IBM’s X-Force shows that the number of attacks delivering cryptocurrency mining tools to enterprise networks has increased. That is not a good sign by any means, as it shows criminals are looking for new ways to maliciously mine Monero. For now, the preferred attack vector involves infecting WordPress and Joomla servers with such mining scripts.

There are actually multiple ways to infect sites with malicious cryptocurrency mining “tools”. Embedding JavaScript on a hacked site is just one of them. It has proven to be pretty lucrative over these past few weeks, although this is likely only the beginning. CMS platforms such as Joomla, WordPress and even JBoss lend themselves perfectly to the installation of such scripts.

However, another method growing in popularity involves modifying image files. In some instances, the assailants will use steganography to embed cryptocurrency mining tools within image files. We have written about this concept in the past already and it appears this attack vector is only getting more popular. After all, no one would expect an image file to mine Monero on behalf of criminals, yet that is exactly what is happening these days.

What is even more worrisome is how such Monero mining attacks often target manufacturing and financial services websites right now. Arts and entertainment is another popular sector in this regard. Surprisingly enough, the retail sector doesn’t suffer from such hacking attempts all that much. Considering how many images they host for products and services, one would expect things to turn out very differently. This doesn’t mean that trend will not change, though.

Last but not least, the report shows that new versions of the Mirai botnet no longer support cryptocurrency mining features. That is one positive trend people need to pay a bit more attention to. This doesn’t mean Mirai botnet software is no longer actively distributed, mind you. However, it shows things are changing in the world of cybercrime, and countering the new trends will not be easy.